auto-updater-3

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] The document itself contains no embedded malicious code, but it prescribes several high-risk supply-chain practices: instructing users to download and run an unverified external binary from non-official/personal sources, automating global package updates (which execute registry-provided install scripts), and running updates autonomously via cron. These patterns increase the likelihood that a compromised distribution point or registry artifact could lead to arbitrary code execution on users' systems. Recommend adding pinned versions/checksums and signature verification for openclawcli, use official distribution channels, run updates with least privilege or in sandboxed contexts, avoid unconditional global installs, and clearly document what data is reported in summaries. LLM verification: The skill's stated purpose (automatic updates via scheduled jobs) aligns with the commands and capabilities described. However, the setup requires the user to download and execute an unpinned external binary from a third-party GitHub release and execute a glot.io installation snippet for macOS. Those download-and-execute instructions are the primary supply-chain risk: an attacker controlling the referenced artifacts or compromising the hosting could execute arbitrary code on users' systems and s